diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/core/Hosts.rb b/Assets/provisioners/demo-tasks/0.1.23/scripts/core/Hosts.rb
index 69b5b807..98bf6581 100644
--- a/Assets/provisioners/demo-tasks/0.1.23/scripts/core/Hosts.rb
+++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/core/Hosts.rb
@@ -628,23 +628,59 @@ def self.rsync_version_low? end def self.configure_plugins(host) + return unless ARGV[0] == 'up' # Only configure plugins during 'vagrant up' + plugins = host['plugins'] || {} install_plugins = Array(plugins['install']) remove_plugins = Array(plugins['remove']) + needs_reload = false + + # Track plugin update states + @@plugin_states ||= {} # Remove plugins remove_plugins.each do |plugin| if Vagrant.has_plugin?(plugin['name']) system("vagrant plugin uninstall #{plugin['name']}") + needs_reload = true end end - # Install plugins + # Install and update plugins install_plugins.each do |plugin| - next if Vagrant.has_plugin?(plugin['name']) - - version_option = plugin['version'] == 'latest' ? '' : "--plugin-version #{plugin['version']}" - system("vagrant plugin install #{plugin['name']} #{version_option}") + if Vagrant.has_plugin?(plugin['name']) + # Only update plugins marked as 'latest' + if plugin['version'] == 'latest' + puts "Checking for updates to #{plugin['name']}..." 
+ output = %x(vagrant plugin update #{plugin['name']}) + if output.include?("Updated '#{plugin['name']}'") + needs_reload = true + end + elsif plugin['version'] != 'latest' + # For specific version, check if version matches + current_version = %x(vagrant plugin list | grep #{plugin['name']}).split('(').last.split(')').first.strip + if current_version != plugin['version'] + system("vagrant plugin uninstall #{plugin['name']}") + system("vagrant plugin install #{plugin['name']} --plugin-version #{plugin['version']}") + needs_reload = true + end + end + else + # Install missing plugin + if plugin['version'] == 'latest' + system("vagrant plugin install #{plugin['name']}") + else + system("vagrant plugin install #{plugin['name']} --plugin-version #{plugin['version']}") + end + needs_reload = true + end + end + + # If any plugins were updated/installed/removed, reload Vagrant + if needs_reload + puts "Plugin changes detected - reloading Vagrant environment" + system("vagrant plugin clean") + exec("vagrant", *ARGV) end end @@ -669,4 +705,4 @@ def self.write_results_file(data, file_path, yaml) end end -end \ No newline at end of file +end diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/tasks/redhat.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/tasks/redhat.yml index 78f0271e..0b3c5329 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/tasks/redhat.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/tasks/redhat.yml 
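Review bot: Values read from `host['plugins']` are interpolated into shell strings throughout the new install and update branches (`system("vagrant plugin install #{plugin['name']} ...")`, `%x(vagrant plugin update #{plugin['name']})` and the `%x(vagrant plugin list | grep #{plugin['name']})` pipeline), so a plugin name or version containing shell metacharacters in the hosts configuration is run by the shell on the machine executing `vagrant up`. Passing the arguments as a list keeps the shell out of it. The version lookup is also fragile: `grep` matches substrings of other plugin names, empty output makes `.split('(').last` return nil, and `vagrant plugin list` appears to print extra text inside the parentheses (such as `, global`), which would make the comparison always differ and, together with `exec("vagrant", *ARGV)`, could trigger a reinstall and reload on every run; this is worth confirming. The excerpt below needs `require 'open3'` at the top of the file, and `configure_plugins` continues outside it.

```ruby
# … unchanged: Vagrant.has_plugin? check and the 'latest' update branch …
else
  # Read the installed version without a shell pipeline and match the exact plugin name.
  listing, = Open3.capture2('vagrant', 'plugin', 'list')
  entry = listing.lines.find { |line| line.split.first == plugin['name'] }
  current_version = entry && entry[/\(([^,)]+)/, 1]
  if current_version != plugin['version'].to_s
    system('vagrant', 'plugin', 'uninstall', plugin['name'])
    system('vagrant', 'plugin', 'install', plugin['name'], '--plugin-version', plugin['version'].to_s)
    needs_reload = true
  end
# … unchanged: install-missing branch (the same argument-list form applies) and reload …
```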
@@ -5,21 +5,45 @@ - name: "Updating yum cache" + become: yes ansible.builtin.yum: update_cache: true - name: "Upgrading all yum packages" + become: yes ansible.builtin.yum: name: '*' state: latest # noqa package-latest - name: "Installing EPEL repo" + become: yes ansible.builtin.yum: name: epel-release state: present +- + name: "Ensuring EPEL repo is enabled" + become: yes + ansible.builtin.ini_file: + path: /etc/yum.repos.d/epel.repo + section: epel + option: enabled + value: '1' + +- + name: "Installing utilities to enable package repositories" + become: yes + ansible.builtin.package: + name: yum-utils + state: latest + +- + name: "Updating yum cache" + ansible.builtin.yum: + update_cache: true + - name: "Installing packages" ansible.builtin.yum: diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/vars/redhat.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/vars/redhat.yml index 1f016ff6..5e485767 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/vars/redhat.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/dependencies/vars/redhat.yml @@ -34,7 +34,9 @@ packages: - cloud-init - dkms - uuid - - authbind +# - authbind +# - lynx +# - systemd-resolved - nano - vim - rsync @@ -62,14 +64,12 @@ packages: - zlib-devel - glibc.i686 - libstdc++ - - lynx - lshw - memtest86+ - htop - iotop - iftop - psmisc - - systemd-resolved - tree - jq - bc 
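Review bot: The second "Updating yum cache" task added after the yum-utils install has no `become: yes`, unlike the three tasks above it that this commit elevates; unless the play sets `become` at a higher level, that cache refresh (and the "Installing packages" task that follows in context) runs unprivileged. Add `become: yes` there as well. The new `ini_file` task that edits `/etc/yum.repos.d/epel.repo` should also pin `mode: '0644'` so the repository definition does not end up with an unintended mode if the module has to create the file. The `yum-utils` task uses `state: latest` without the `# noqa package-latest` marker the file already uses for the full upgrade.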
diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/disks/tasks/main.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/disks/tasks/main.yml index fdf3ff69..57b23dc8 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/disks/tasks/main.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/disks/tasks/main.yml @@ -25,7 +25,12 @@ - name: "Extending the unecrypted Root Partition" ansible.builtin.shell: "{{ item }}" - ignore_errors: true + register: extend_root_partition + failed_when: + - extend_root_partition.rc != 0 + - "'NOCHANGE' not in extend_root_partition.stdout" + - "'Bad magic number' not in extend_root_partition.stderr" + changed_when: extend_root_partition.rc == 0 with_items: - "growpart /dev/{{ root_disk }} {{ root_partition_number }}" - "resize2fs /dev/{{ root_partition }}" diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/quick_start/tasks/main.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/quick_start/tasks/main.yml index ab685588..1c767e00 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/quick_start/tasks/main.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/quick_start/tasks/main.yml 
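Review bot: The loop items still run through `ansible.builtin.shell` although neither the `growpart` nor the `resize2fs` line uses a shell feature; `ansible.builtin.command: "{{ item }}"` would keep the templated `root_disk` and `root_partition` values from being interpreted by a shell. The three `failed_when` entries are ANDed, so a non-zero exit is tolerated whenever 'NOCHANGE' or 'Bad magic number' appears; the latter presumably means `resize2fs` was pointed at a non-ext filesystem, in which case the root filesystem is left ungrown without any report. A comment above `failed_when` such as `# NOCHANGE: partition already at full size; Bad magic number: not an ext filesystem, resize skipped` would make that trade-off explicit. The task continues past the end of the hunk.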
@@ -162,6 +162,39 @@ state: started # Ensures the service is running. enabled: true # Enables the service to start on boot. + - + name: "Checking if Python HTTP server is listening on port {{ startcloud_quick_start_port_forwards[0].guest }}" # Checks if Python HTTP server is listening + when: not ansible_module_running_in_container + ansible.builtin.wait_for: + port: "{{ startcloud_quick_start_port_forwards[0].guest }}" # Specifies the port to check. + delay: 5 # Waits for 5 seconds before checking. + timeout: 60 # Sets a 60-second timeout for the check. + msg: "Timeout waiting for {{ startcloud_quick_start_port_forwards[0].guest }} to respond" # Custom message displayed if the check times out. + register: port_check # Stores the result for later use. + ignore_errors: true # Ignores errors if the port check fails. + + - + name: "Restarting Cockpit" # Restarts the Cockpit service. + when: not ansible_module_running_in_container + ansible.builtin.systemd: + state: restarted # Restarts the service. + daemon_reload: true # Reloads the systemd manager configuration. + name: cockpit # Specifies the service name. + + - + name: "Copying pythonserver supervisord configuration file" + when: ansible_module_running_in_container + ansible.builtin.template: + src: supervisord.pythonserver.conf.j2 + dest: /etc/supervisor/conf.d/supervisord.pythonserver.conf + owner: root + group: root + mode: '0644' + +- + name: "Block to always run these tasks" + when: true + block: - name: "Zipping Ansible Playbook Into Support Bundle" # Archives the Ansible roles directory into a ZIP file for support purposes. community.general.archive: 
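Review bot: `when: true` on the new "Block to always run these tasks" does not make the block run after an earlier failure; it is the default condition, so the block is skipped like any other task once the host has failed. If the support bundle is meant to be collected regardless, the preceding tasks would need to sit in a `block:` with these tasks under its `always:` section; otherwise drop the `when: true`. Separately, the moved port check registers `port_check` with `ignore_errors: true` and nothing in the hunk reads it, so a server that never starts listening goes unreported; a follow-up task conditioned on `port_check is failed` would surface it. The block's task list continues outside the hunk.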
@@ -186,10 +219,17 @@ force: false # Does not overwrite existing files. mode: 'a+x' # Appends to the file and sets execute permission. + - + name: "Checking if Domino has been autoconfigured" + register: autoconfigure + ansible.builtin.stat: + path: "{{ domino_home_dir }}/IBM_TECHNICAL_SUPPORT/autoconfigure.log" + get_md5: false + - name: "Including Domino One Touch autoconfigure to /vagrant/support-bundle/autoconfigure.log" # Copies the Domino One Touch log to the support bundle. become: true # Executes the task with elevated privileges. - when: domino_home_dir is defined # Only runs if the domino_home_dir variable is defined. + when: domino_home_dir is defined and autoconfigure.stat.exists # Only runs if the domino_home_dir variable is defined. ansible.builtin.copy: src: "{{ domino_home_dir }}/IBM_TECHNICAL_SUPPORT/autoconfigure.log" # Specifies the source file. dest: "/vagrant/support-bundle/autoconfigure.log" # Specifies the destination file. @@ -210,18 +250,7 @@ dest: "/vagrant/support-bundle/completed.json" # Specifies the destination file. force: false # Does not overwrite existing files. mode: 'a+x' # Appends to the file and sets execute permission. - - - - name: "Checking if Python HTTP server is listening on port {{ startcloud_quick_start_port_forwards[0].guest }}" # Checks if Python HTTP server is listening - when: not ansible_module_running_in_container - ansible.builtin.wait_for: - port: "{{ startcloud_quick_start_port_forwards[0].guest }}" # Specifies the port to check. - delay: 5 # Waits for 5 seconds before checking. - timeout: 60 # Sets a 60-second timeout for the check. - msg: "Timeout waiting for {{ startcloud_quick_start_port_forwards[0].guest }} to respond" # Custom message displayed if the check times out. - register: port_check # Stores the result for later use. - ignore_errors: true # Ignores errors if the port check fails. - + - name: "Zip Support Bundle" # Archives the support bundle directory into a ZIP file. community.general.archive: 
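Review bot: The new "Checking if Domino has been autoconfigured" task templates `{{ domino_home_dir }}` unconditionally, while the copy task after it still guards on `domino_home_dir is defined`; on hosts where the variable is unset the stat task will fail with an undefined-variable error before that guard is reached. Add `when: domino_home_dir is defined` to the stat task; the `and autoconfigure.stat.exists` test is then only evaluated when the variable is defined, because the first operand short-circuits. The copy runs with `become: true` but the stat does not, so if the log is only readable by the Domino user the stat may report it as missing; consider `become: true` there too. `get_md5` is a deprecated `stat` option that newer ansible-core releases may reject, so it can probably be dropped. The trailing comment on the `when:` line should also mention the new existence check.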
@@ -237,21 +266,3 @@ path: "/vagrant/support-bundle" dest: "/vagrant/support-bundle.zip" format: zip - - - - name: "Restarting Cockpit" # Restarts the Cockpit service. - when: not ansible_module_running_in_container - ansible.builtin.systemd: - state: restarted # Restarts the service. - daemon_reload: true # Reloads the systemd manager configuration. - name: cockpit # Specifies the service name. - - - - name: "Copying pythonserver supervisord configuration file" - when: ansible_module_running_in_container - ansible.builtin.template: - src: supervisord.pythonserver.conf.j2 - dest: /etc/supervisor/conf.d/supervisord.pythonserver.conf - owner: root - group: root - mode: '0644' diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/serial/tasks/redhat.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/serial/tasks/redhat.yml index 70e54d14..7ae23f48 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/serial/tasks/redhat.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/serial/tasks/redhat.yml @@ -27,7 +27,7 @@ line: "{{ item.line }}" with_items: - { regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=', line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' } - - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"' } + - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0"' } - name: "Updating Grub packages" 
diff --git a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/windows_provisioner/tasks/main.yml b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/windows_provisioner/tasks/main.yml index 8200bf5f..c195ed8c 100644 --- a/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/windows_provisioner/tasks/main.yml +++ b/Assets/provisioners/demo-tasks/0.1.23/scripts/provisioners/ansible/ansible_collections/startcloud/startcloud_roles/roles/windows_provisioner/tasks/main.yml @@ -10,7 +10,7 @@ section: System Access key: PasswordComplexity value: 0 - + - name: "Adding Startcloud as admin user" ansible.windows.win_user: name: STARTcloud @@ -19,13 +19,13 @@ password_never_expires: true groups: - Administrators - + - name: "Restoring original password complexity requirements" community.windows.win_security_policy: section: System Access key: PasswordComplexity value: 1 - + - name: "Configuring System Proxy" when: use_proxy block: 
@@ -38,70 +38,70 @@ loop: - { name: "HTTP_PROXY", value: "http://{{ proxy_host }}:{{ proxy_port }}" } - { name: "HTTPS_PROXY", value: "http://{{ proxy_host }}:{{ proxy_port }}" } - + - name: "Configuring WinHTTP Proxy Settings" ansible.windows.win_shell: | netsh winhttp set proxy proxy-server="http={{ proxy_host }}:{{ proxy_port }};https={{ proxy_host }}:{{ proxy_port }}" bypass-list="*.local" - + - name: "Configuring Powershell" block: - name: "Setting Execution Policy to Unrestricted" ansible.windows.win_shell: Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force register: execution_policy_unrestricted - + - name: "Setting Execution Policy to Bypass for Process Scope and Enable TLS 1.2" ansible.windows.win_shell: '[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072' register: execution_policy_bypass - + - name: "Installing PS Updates" block: - name: "Setting NuGet Package Provider" ansible.windows.win_shell: Install-PackageProvider -Name NuGet -Force - + - name: "Setting PSGallery Repository to Trusted" ansible.windows.win_shell: Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted - + - name: "Installing PSWindowsUpdate Module" ansible.windows.win_shell: Install-Module -Name PSWindowsUpdate -Force - + - name: "Adding WUServiceManager" ansible.windows.win_shell: Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -AddServiceFlag 7 -Confirm:$false - + - name: "Running Updates" ansible.windows.win_powershell: script: Install-WindowsUpdate -AcceptAll -MicrosoftUpdate -IgnoreReboot - + - name: "Rebooting to Apply Windows Updates" ansible.windows.win_reboot: reboot_timeout: 3600 - + - name: "Configuring AutoUnattend.xml and Post Provisioning Setup scripts" block: - name: "Creating Post-Provisioning Directory" ansible.windows.win_file: path: C:\temp state: directory - + - name: "Creating Post-Provisioning Directory" ansible.windows.win_file: path: C:\Windows\Temp\packer 
state: directory - + - name: "Creating STARTcloud Directory" ansible.windows.win_file: path: C:\opt\STARTcloud state: directory - + - name: "Copying provision-Autounattend.ps1 to packer directory" ansible.windows.win_template: src: provision-Autounattend.ps1.j2 dest: C:\Windows\Temp\packer\Autounattend.ps1 - + - name: "Copying provision-Autounattend.xml to packer directory" ansible.windows.win_template: src: provision-Autounattend.xml.j2 dest: C:\Windows\Temp\packer\Autounattend.xml - + - name: "Setting up WinRM" block: - name: "Downloading WinRM Configuration Script" @@ -109,12 +109,12 @@ url: "https://raw.githubusercontent.com/ansible/ansible-documentation/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" dest: C:\temp\ConfigureRemotingForAnsible.ps1 register: winrm_setup - + - name: "Executing WinRM Configuration Script" ansible.windows.win_powershell: script: iex "C:\temp\ConfigureRemotingForAnsible.ps1" register: winrm_execution - + - name: "Installing Chocolatey" block: - name: "Downloading Chocolatey Installation Script" @@ -122,17 +122,17 @@ url: "https://community.chocolatey.org/install.ps1" dest: C:\temp\choco_install.ps1 register: choco_download - + - name: "Executing Chocolatey Installation Script" ansible.windows.win_powershell: script: iex "C:\temp\choco_install.ps1" register: choco_install - + - name: "Setting Timezone" ansible.windows.win_shell: | Write-Output "Setting Timezone" Set-TimeZone -Name "{{ timezone }}" -PassThru - + - name: "Setting NTP" ansible.windows.win_shell: | Write-Output "Setting NTP" 
@@ -142,25 +142,25 @@ vars: ntp1server: "ntp1.prominic.net,0x8" ntp2server: "ntp2.prominic.net,0x8" - + - name: "Setting User Configurations" ansible.windows.win_user: name: administrator password_never_expires: true - + - name: "Enabling Remote Desktop" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server name: fDenyTSConnections data: 0 type: dword - + - name: "Enabling Serial Emergency Management Console" ansible.windows.win_shell: | bcdedit /ems ON bcdedit /bootems ON bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200 - + - name: "Adjusting Theme Settings" block: - name: "Adjusting Theme Settings AppsUseLightTheme" 
@@ -169,49 +169,49 @@ name: AppsUseLightTheme data: 0 type: dword - + - name: "Adjust Theme Settings SystemUsesLightTheme" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize name: SystemUsesLightTheme data: 0 type: dword - + - name: "Adjusting Theme Settings TaskbarMn" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced name: TaskbarMn data: 0 type: dword - + - name: "Adjusting Theme Settings ShowTaskViewButton" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced name: ShowTaskViewButton data: 0 type: dword - + - name: "Adjusting Theme Settings TaskbarDa" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced name: TaskbarDa data: 0 type: dword - + - name: "Adjusting Theme Settings TaskbarAl" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced name: TaskbarAl data: 0 type: dword - + - name: "Adjusting Theme Settings SearchboxTaskbarMode" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search name: SearchboxTaskbarMode data: 0 type: dword - + - name: "Adjusting Default User Settings" ansible.windows.win_shell: | REG LOAD HKLM\Default C:\Users\Default\NTUSER.DAT @@ -222,7 +222,7 @@ New-itemproperty -Path HKLM:\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarDa -Value 0 -PropertyType Dword New-itemproperty -Path HKLM:\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name TaskbarAl -Value 0 -PropertyType Dword REG UNLOAD HKLM\Default - + - name: "Disabling Hibernate" block: - name: "Setting Hibernate file size" 
@@ -231,14 +231,14 @@ name: HiberFileSizePercent data: 0 type: dword - + - name: "Disabling Hibernate" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Control\Power\ name: HibernateEnabled data: 0 type: dword - + - name: "Adjusting Power Settings" block: - name: "Disabling Screen Saver" @@ -247,21 +247,21 @@ name: ScreenSaveActive data: 0 type: dword - + - name: "Disabling Monitor Timeout on AC" ansible.windows.win_shell: | powercfg -x -monitor-timeout-ac 0 - + - name: "Disabling Monitor Timeout on DC" ansible.windows.win_shell: | powercfg -x -monitor-timeout-dc 0 - + - name: "Setting Power Plan to High" ansible.windows.win_shell: | $HighPerf = powercfg -l | ForEach-Object { if ($_.contains("High performance")) { $_.split()[3] } } $CurrPlan = $(powercfg -getactivescheme).split()[3] if ($CurrPlan -ne $HighPerf) { powercfg -setactive $HighPerf } - + - name: "Disabling Windows Security Notification Icon" block: - name: "Disabling Windows Security Notification Icon" @@ -270,14 +270,14 @@ name: HideSystray data: 1 type: dword - + - name: "Disabling Windows Security Notification Icon" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications-Name name: DisableNotifications data: 1 type: dword - + - name: "Setting Registery to show Hidden files" block: - name: "Setting ShowSuperHidden to 1 to show system/super-hidden items" @@ -286,14 +286,14 @@ name: Hidden data: 1 type: dword - + - name: "Setting ShowSuperHidden to 1 to show system/super-hidden items" ansible.windows.win_regedit: path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced name: ShowSuperHidden data: 0 type: dword - + - name: "Installing Powershell 7" block: - name: Check if PowerShell 7 is already installed 
@@ -304,22 +304,22 @@ } register: ps7_check changed_when: false - + - name: "Debugging PS7 Check Result" ansible.builtin.debug: var: ps7_check - + - name: "Downloading Powershell 7 Installation Script" ansible.windows.win_get_url: url: "https://aka.ms/install-powershell.ps1" dest: C:\temp\install-powershell.ps1 when: ps7_check != "7" - + - name: "Executing Powershell 7 Installation Script" ansible.windows.win_powershell: script: iex "C:\temp\install-powershell.ps1" when: ps7_check != "7" - + - name: "Installing Chocolatey Packages" block: - name: "Installing Chocolatey packages" @@ -333,17 +333,17 @@ - bginfo - cyg-get - clamwin - + - name: "Upgrading all Chocolatey packages" chocolatey.chocolatey.win_chocolatey: name: all state: latest - + - name: "Removing Firefox Desktop Icon for All Users" ansible.windows.win_file: path: C:\Users\Public\Desktop\Firefox.lnk state: absent - + - name: "Installing and configuring cygwin with cyg-get" block: - name: "Adding Cygwin to System PATH" @@ -352,11 +352,11 @@ - C:\tools\cygwin\bin scope: machine state: present - + - name: "Installing Cygwin" ansible.windows.win_powershell: script: cyg-get cygrunsrv nano diffutils lynx make openssh perl psmisc rsync vim wget curl - + - name: "Setting RealTimeIsUniversal" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation @@ -364,10 +364,10 @@ data: 1 type: dword when: is_bhyve_zone - + - name: "Gathering Windows Facts" ansible.windows.setup: - + - name: "Running Windows Server Configurations" when: ansible_os_family == "Windows" and "server" in ansible_distribution.lower() block: @@ -377,7 +377,7 @@ content: | Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 - + - name: "Creating scheduled task to install OpenSSH Server" community.windows.win_scheduled_task: name: InstallOpenSSHServerTask 
@@ -390,10 +390,10 @@ username: SYSTEM state: present enabled: true - + - name: "Executing the scheduled task" ansible.windows.win_shell: schtasks /Run /TN "InstallOpenSSHServerTask" - + - name: "Waiting for the scheduled task to complete" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" @@ -401,7 +401,7 @@ Start-Sleep -Seconds 5 $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" } - + - name: "Waiting for the scheduled task to complete and check if it completed successfully" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" @@ -416,29 +416,29 @@ } $completedSuccessfully register: task_result - + - name: Delete the scheduled task if it completed successfully community.windows.win_scheduled_task: name: InstallOpenSSHServerTask state: absent when: task_result.stdout == "True" - + - name: "Starting and Setting the SSHD Service to Automatic" ansible.windows.win_service: name: sshd state: started start_mode: auto - + - name: "Waiting for file C:\\ProgramData\\ssh\\sshd_config to exist before continuing" ansible.windows.win_wait_for: path: C:\ProgramData\ssh\sshd_config - + - name: "Modifying SSH Configuration" ansible.windows.win_shell: | $sshd_config = "$($env:ProgramData)\ssh\sshd_config" (Get-Content $sshd_config).Replace("Match Group administrators", "# Match Group administrators") | Set-Content $sshd_config (Get-Content $sshd_config).Replace("AuthorizedKeysFile", "# AuthorizedKeysFile") | Set-Content $sshd_config - + - name: "Ensuring OpenSSH Server firewall rule exists" community.windows.win_firewall_rule: name: OpenSSH-Server-In-TCP 
@@ -448,25 +448,25 @@ localport: 22 description: OpenSSH Server (sshd) enabled: true - + - name: "Disabling Server Manager on Login" ansible.windows.win_regedit: path: HKCU:\Software\Microsoft\ServerManager name: DoNotOpenServerManagerAtLogon data: 1 type: dword - + - name: "Removing unwanted features" ansible.windows.win_feature: name: AzureArcSetup state: absent - + - name: "Installing and configuring SNMP Service" block: - name: "Installing SNMP Service" ansible.windows.win_powershell: script: Install-WindowsFeature SNMP-Service -IncludeAllSubFeature -IncludeManagementTools - + - name: "Configuring SNMP" block: - name: "Setting sysContact" @@ -475,45 +475,45 @@ name: sysContact data: "{{ syscontact }}" type: string - + - name: "Setting sysLocation" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\services\SNMP\Parameters\RFC1156Agent name: sysLocation data: "{{ syslocation }}" type: string - + - name: "Setting ValidCommunities" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities name: "{{ validcommunities }}" data: 4 type: dword - + - name: "Setting PermittedManagers" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers name: "2" data: "0.0.0.0" type: string - + - name: "Enabling NFS Client" ansible.windows.win_feature: name: "NFS-Client" state: present - + - name: "Enabling Telnet Client" ansible.windows.win_feature: name: "Telnet-Client" state: present - + - name: "Running Windows Desktop Configurations" when: ansible_os_family == "Windows" and "server" not in ansible_distribution.lower() block: - name: "Enabling Telnet Client" ansible.windows.win_shell: | dism /online /Enable-Feature /FeatureName:TelnetClient - + - name: "Checking if Windows Backup package exists" ansible.windows.win_shell: | $packageName = (dism /online /get-packages | Select-String "Desktop" | ForEach-Object { $_.ToString().Split(':')[1].Trim() }) 
@@ -522,14 +522,14 @@ } register: backup_package changed_when: false - + - name: "Create InstallOpenSSHServer.ps1" ansible.windows.win_copy: dest: C:\Windows\Temp\packer\InstallOpenSSHServer.ps1 content: | Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 - + - name: "Creating scheduled task to install OpenSSH Server" community.windows.win_scheduled_task: name: InstallOpenSSHServerTask @@ -542,10 +542,10 @@ username: SYSTEM state: present enabled: true - + - name: "Executing the scheduled task" ansible.windows.win_shell: schtasks /Run /TN "InstallOpenSSHServerTask" - + - name: "Waiting for the scheduled task to complete" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" @@ -553,7 +553,7 @@ Start-Sleep -Seconds 5 $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" } - + - name: "Waiting for the scheduled task to complete and check if it completed successfully" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallOpenSSHServerTask" @@ -568,12 +568,12 @@ } $completedSuccessfully register: task_result - + - name: Delete the scheduled task if it completed successfully community.windows.win_scheduled_task: name: InstallOpenSSHServerTask state: absent - + - name: "Ensuring OpenSSH Server firewall rule exists" community.windows.win_firewall_rule: name: OpenSSH-Server-In-TCP 
@@ -583,103 +583,103 @@ localport: 22 description: OpenSSH Server (sshd) enabled: true - + - name: "Applying Blackscreen Resolution: Disable Firewall rule on Container log in and out" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy name: DeleteUserAppContainersOnLogoff data: 1 type: dword - + - name: "Disabling Windows Feedback Experience program" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo name: Enabled data: 0 type: dword - + - name: "Stopping Cortana from being used as part of your Windows Search Function" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search name: AllowCortana data: 0 type: dword - + - name: "Disabling Bing Search in Start Menu" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Search name: BingSearchEnabled data: 0 type: dword - + - name: "Adding Registry key to prevent bloatware apps from returning" block: - name: "Ensuring CloudContent registry path exists" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent state: present - + - name: "Setting DisableWindowsConsumerFeatures" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent name: DisableWindowsConsumerFeatures data: 1 type: dword - + - name: "Ensuring ContentDeliveryManager registry path exists" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager state: present - + - name: "Setting ContentDeliveryAllowed" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager name: ContentDeliveryAllowed data: 0 type: dword - + - name: "Setting OemPreInstalledAppsEnabled" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager name: OemPreInstalledAppsEnabled data: 0 type: dword - + - name: 
"Setting PreInstalledAppsEnabled" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager name: PreInstalledAppsEnabled data: 0 type: dword - + - name: "Setting PreInstalledAppsEverEnabled" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager name: PreInstalledAppsEverEnabled data: 0 type: dword - + - name: "Setting SilentInstalledAppsEnabled" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager name: SilentInstalledAppsEnabled data: 0 type: dword - + - name: "Setting Mixed Reality Portal value to 0" ansible.windows.win_regedit: path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Holographic name: FirstRunSucceeded data: 0 type: dword - + - name: "Disabling live tiles" ansible.windows.win_regedit: path: HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications name: NoTileApplicationNotification data: 1 type: dword - + - name: "Turning off Data Collection" block: - name: "Disable Data Collection for HKLM" 
@@ -688,85 +688,85 @@ name: AllowTelemetry data: 0 type: dword - + - name: "Disabling Data Collection for HKLM (Wow6432Node)" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection name: AllowTelemetry data: 0 type: dword - + - name: "Disabling Data Collection for HKLM (Windows DataCollection)" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection name: Al lowTelemetry data: 0 type: dword - + - name: "Disabling Location Tracking" block: - name: "Ensuring SensorState registry path exists" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44} state: present - + - name: "Setting SensorPermissionState to 0" ansible.windows.win_regedit: path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44} name: SensorPermissionState data: 0 type: dword - + - name: "Ensuring LocationConfig registry path exists" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration state: present - + - name: "Setting LocationConfig Status to 0" ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration name: Status data: 0 type: dword - + - name: "Stopping and disabling Diagnostics Tracking Service" ansible.windows.win_service: name: DiagTrack state: stopped start_mode: disabled - + - name: "Setting up BGInfo" block: - name: "Creating BGInfo directory" ansible.windows.win_file: path: C:\opt\Prominic.NET\backgrounds state: directory - + - name: "Downloading Prominic.bgi" ansible.windows.win_get_url: url: https://www.m4kr.net/downloads/Prominic.bgi dest: C:\opt\Prominic.NET\backgrounds\Prominic.bgi - + - name: "Creating Post-Provisioning Directory" ansible.windows.win_file: path: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup state: 
directory - + - name: "Downloading Bginfo64.lnk" ansible.windows.win_get_url: url: https://www.m4kr.net/downloads/Bginfo64.lnk dest: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo64.lnk - + - name: "Downloading ProminicBackgroundv2.bmp" ansible.windows.win_get_url: url: https://www.m4kr.net/downloads/ProminicBackgroundv2.bmp dest: C:\opt\Prominic.NET\backgrounds\ProminicBackgroundv2.bmp - + - name: "Downloading ProminicBackground.jpg" ansible.windows.win_get_url: url: https://www.m4kr.net/downloads/ProminicBackground.jpg dest: C:\opt\Prominic.NET\backgrounds\ProminicBackground.jpg - + - name: "Setting up SSH" block: - name: Update SSH default Shell @@ -775,38 +775,38 @@ name: DefaultShell data: C:\tools\cygwin\bin\bash.exe type: string - + - name: Update SSH Default Shell Command Option ansible.windows.win_regedit: path: HKLM:\SOFTWARE\OpenSSH name: DefaultShellCommandOption data: "-c" type: string - + - name: "Creating SSH directory for STARTcloud" ansible.windows.win_file: path: C:\Users\Administrator\.ssh state: directory - + - name: "Preparing SSH Directory and Keys" ansible.windows.win_copy: src: ../../../../../../ssh_keys/id_rsa.pub dest: C:\Users\Administrator\.ssh\authorized_keys - + - name: "Creating SSH directory for STARTcloud" ansible.windows.win_file: path: C:\Users\STARTcloud\.ssh state: directory - + - name: "Preparing SSH Directory and Keys" ansible.windows.win_copy: src: ../../../../../../ssh_keys/id_rsa.pub dest: C:\Users\STARTcloud\.ssh\authorized_keys - + - name: "Configuring SSH Service" ansible.windows.win_powershell: script: Set-Service -Name 'sshd' -StartupType Automatic - + - name: "Configuring Uptime for SSH monitoring" block: - name: "Preparing Uptime" @@ -818,7 +818,7 @@ - C:\Windows\system32\uptime - C:\tools\cygwin\bin\uptime.exe - C:\tools\cygwin\bin\uptime - + - name: "Setting permissions on uptime" ansible.windows.win_shell: | icacls "{{ item }}" /grant Everyone:F 
@@ -827,15 +827,15 @@ - C:\Windows\system32\uptime - C:\tools\cygwin\bin\uptime.exe - C:\tools\cygwin\bin\uptime - + - name: "Removing Appx packages (and their hindering file assocations)" ansible.windows.win_shell: | Get-AppxPackage -name "*OneDriveSync*" | Remove-AppxPackage - + - name: "Disabling Firewall Profiles" ansible.windows.win_shell: | Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False - + - name: "Installing Windows Updates" block: - name: "Create InstallUpdates.ps1" @@ -845,7 +845,7 @@ Import-Module PSWindowsUpdate Get-WindowsUpdate -MicrosoftUpdate Install-WindowsUpdate -AcceptAll -MicrosoftUpdate -IgnoreReboot - + - name: "Creating scheduled task to install Windows Updates" community.windows.win_scheduled_task: name: InstallWindowsUpdatesTask @@ -858,10 +858,10 @@ username: SYSTEM state: present enabled: true - + - name: "Executing the scheduled task" ansible.windows.win_shell: schtasks /Run /TN "InstallWindowsUpdatesTask" - + - name: "Waiting for the scheduled task to complete" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" @@ -869,7 +869,7 @@ Start-Sleep -Seconds 5 $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" } - + - name: "Waiting for the scheduled task to complete and check if it completed successfully" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" @@ -884,16 +884,16 @@ } $completedSuccessfully register: task_result - + - name: "Rebooting to Apply Windows Updates" ansible.windows.win_reboot: reboot_timeout: 7200 - + - name: "Installing Windows Updates" block: - name: "Executing the scheduled task" ansible.windows.win_shell: schtasks /Run /TN "InstallWindowsUpdatesTask" - + - name: "Waiting for the scheduled task to complete" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" 
@@ -901,7 +901,7 @@ Start-Sleep -Seconds 5 $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" } - + - name: "Waiting for the scheduled task to complete and check if it completed successfully" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" @@ -916,16 +916,16 @@ } $completedSuccessfully register: task_result - + - name: "Rebooting to Apply Windows Updates" ansible.windows.win_reboot: reboot_timeout: 7200 - + - name: "Installing Windows Updates" block: - name: "Executing the scheduled task" ansible.windows.win_shell: schtasks /Run /TN "InstallWindowsUpdatesTask" - + - name: "Waiting for the scheduled task to complete" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" @@ -933,7 +933,7 @@ Start-Sleep -Seconds 5 $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" } - + - name: "Waiting for the scheduled task to complete and check if it completed successfully" ansible.windows.win_shell: | $task = Get-ScheduledTask -TaskName "InstallWindowsUpdatesTask" @@ -948,16 +948,16 @@ } $completedSuccessfully register: task_result - + - name: "Deleting the scheduled task if it completed successfully" community.windows.win_scheduled_task: name: InstallWindowsUpdatesTask state: absent - + - name: "Rebooting to Apply Windows Updates" ansible.windows.win_reboot: reboot_timeout: 7200 - + - name: "Disabling System Wide Proxy" when: use_proxy block: 
@@ -966,28 +966,28 @@ name: HTTP_PROXY state: absent level: machine - + - name: "Removing System Wide Proxy" ansible.windows.win_environment: name: HTTPS_PROXY state: absent level: machine - + - name: "Resetting WinHTTP Proxy Settings" ansible.windows.win_shell: | netsh winhttp reset proxy - + - name: "Reducing Template and Cleaning up System" block: - name: "Clearing last used files and folders" ansible.windows.win_shell: | Remove-Item "$env:APPDATA\Microsoft\Windows\Recent\AutomaticDestinations\*.automaticDestinations-ms" -FORCE -ErrorAction SilentlyContinue - + - name: "Cleaning Temp Files" ansible.windows.win_shell: | Takeown /d Y /R /f "C:\Windows\Temp\*" Icacls "C:\Windows\Temp\*" /GRANT:r administrators:F /T /c /q 2>&1 - + - name: "Reducing Page File" ansible.windows.win_shell: | $System = GWMI Win32_ComputerSystem -EnableAllPrivileges @@ -997,22 +997,22 @@ $CurrentPageFile.InitialSize = 512 $CurrentPageFile.MaximumSize = 512 $CurrentPageFile.Put() - + - name: "Verifying Health of Windows Installation" when: verify block: - name: "Scanning health of the image" ansible.windows.win_shell: 'DISM /Online /Cleanup-Image /ScanHealth' - + - name: "Starting component cleanup" ansible.windows.win_shell: 'DISM /Online /Cleanup-Image /StartComponentCleanup /ResetBase' - + - name: "Removing superseded components" ansible.windows.win_shell: 'DISM /Online /Cleanup-Image /SPSuperseded' - - - name: Run System File Checker - ansible.windows.win_shell: 'sfc /scannow' - + + # - name: Run System File Checker + # ansible.windows.win_shell: 'sfc /scannow' + - name: "Preparing for Sysprep" when: verify block:
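Review bot: The "Run System File Checker" task is commented out rather than removed or gated, and nothing in the hunk records why, so the "Verifying Health of Windows Installation" block no longer checks protected system files before the "Preparing for Sysprep" block runs. The remaining `DISM /Online /Cleanup-Image /ScanHealth` step only reports component-store corruption and repairs nothing, so a damaged image could be captured as a template without anyone noticing. If the step was dropped for run time or because its exit code failed the play (an assumption, the hunk does not say), I would keep it behind a variable with the reason recorded, e.g. `when: run_sfc | default(false)` plus a comment `# sfc /scannow is opt-in: <reason>`. Otherwise delete the two commented lines so no dead task is left in the role. The block sits under `when: verify`, which is defined outside this hunk.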